From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Nickle Wang"
To:
CC: Abner Chang, Igor Kulchytskyy, "Nick Ramirez"
Subject: [PATCH 2/2] RedfishPkg/RedfishDiscoverDxe: provide PCD to disable TLS host verify
Date: Wed, 1 Feb 2023 11:46:46 +0800
Message-ID: <20230201034646.665-1-nicklew@nvidia.com>
X-Mailer: git-send-email 2.17.1
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable Content-Type: text/plain Introduce PCD PcdRedfishTlsHostVerifyDisabled to RedfishDiscoverDxe driver. Setting this PCD to true will turn off TLS host verify in HTTPS connection between host and BMC. Signed-off-by: Nickle Wang Cc: Abner Chang Cc: Igor Kulchytskyy Cc: Nick Ramirez --- RedfishPkg/RedfishPkg.dec | 5 +++++ RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.inf | 3 ++- RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.c | 8 +++++--- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/RedfishPkg/RedfishPkg.dec b/RedfishPkg/RedfishPkg.dec index d2b189b13d..707228d22e 100644 --- a/RedfishPkg/RedfishPkg.dec +++ b/RedfishPkg/RedfishPkg.dec @@ -3,6 +3,7 @@ # # Copyright (c) 2019, Intel Corporation. All rights reserved.
# (C) Copyright 2021 Hewlett Packard Enterprise Development LP
+# Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved= . # # SPDX-License-Identifier: BSD-2-Clause-Patent ## @@ -97,3 +98,7 @@ # protocol instance. # gEfiRedfishPkgTokenSpaceGuid.PcdRedfishDiscoverAccessModeInBand|FALSE|BO= OLEAN|0x00001002 + # + # Setting this PCD to TRUE will turn off TLS host verify during HTTPS ha= ndshake. + # + gEfiRedfishPkgTokenSpaceGuid.PcdRedfishTlsHostVerifyDisabled|TRUE|BOOLEA= N|0x00001003 diff --git a/RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.inf b/Redfish= Pkg/RedfishDiscoverDxe/RedfishDiscoverDxe.inf index 345bacf44d..e872966693 100644 --- a/RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.inf +++ b/RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.inf @@ -2,6 +2,7 @@ # Implementation of EFI_REDFISH_DISCOVER_PROTOCOL interfaces. # # (C) Copyright 2021 Hewlett Packard Enterprise Development LP
+# Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserve= d. # # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -52,4 +53,4 @@ =20 [Pcd] gEfiRedfishPkgTokenSpaceGuid.PcdRedfishDiscoverAccessModeInBand ## CONSU= MES - + gEfiRedfishPkgTokenSpaceGuid.PcdRedfishTlsHostVerifyDisabled ## CONSU= MES diff --git a/RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.c b/RedfishPk= g/RedfishDiscoverDxe/RedfishDiscoverDxe.c index 042d6d5fd5..1d4398e9d7 100644 --- a/RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.c +++ b/RedfishPkg/RedfishDiscoverDxe/RedfishDiscoverDxe.c @@ -4,6 +4,7 @@ =20 (C) Copyright 2021 Hewlett Packard Enterprise Development LP
Copyright (c) 2022, AMD Incorporated. All rights reserved. + Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved= . =20 SPDX-License-Identifier: BSD-2-Clause-Patent =20 @@ -840,9 +841,10 @@ AddAndSignalNewRedfishService ( goto EXIT_FREE_CONFIG_DATA; } =20 - RestExHttpConfigData->SendReceiveTimeout =3D 5000; - RestExHttpConfigData->HttpConfigData.HttpVersion =3D HttpVers= ion11; - RestExHttpConfigData->HttpConfigData.LocalAddressIsIPv6 =3D CheckIsI= pVersion6 (NetworkInterface); + RestExHttpConfigData->SendReceiveTimeout = =3D 5000; + RestExHttpConfigData->HttpConfigData.HttpVersion = =3D HttpVersion11; + RestExHttpConfigData->HttpConfigData.LocalAddressIsIPv6 = =3D CheckIsIpVersion6 (NetworkInterface); + RestExHttpConfigData->HttpConfigData.HostCertificateVerifyDisabled = =3D PcdGetBool (PcdRedfishTlsHostVerifyDisabled); if (RestExHttpConfigData->HttpConfigData.LocalAddressIsIPv6) { RestExHttpConfigData->HttpConfigData.AccessPoint.IPv6Node =3D Allo= cateZeroPool (sizeof (EFI_HTTPv6_ACCESS_POINT)); if (RestExHttpConfigData->HttpConfigData.AccessPoint.IPv6Node =3D= =3D NULL) { --=20 2.39.1.windows.1
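
Review bot: In the RedfishPkg.dec hunk the new PCD is declared with a default of TRUE (`gEfiRedfishPkgTokenSpaceGuid.PcdRedfishTlsHostVerifyDisabled|TRUE|BOOLEAN|0x00001003`), so any platform that consumes the package without overriding it builds with TLS host verification turned off. A switch that weakens the HTTPS handshake should default to the safe value: declare it FALSE and let a platform that needs the relaxed behaviour set it to TRUE in its own DSC. The commit message also does not say what value HostCertificateVerifyDisabled had before this patch, so a reader cannot tell whether the TRUE default preserves existing behaviour or changes it; please state that, and extend the PCD comment to say what is lost when it is TRUE (the BMC certificate's host identity is no longer checked).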
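
Review bot: In the RedfishDiscoverDxe.c hunk, `HostCertificateVerifyDisabled = PcdGetBool (PcdRedfishTlsHostVerifyDisabled);` is applied silently in AddAndSignalNewRedfishService, so a boot log gives no sign that the Redfish HTTPS connection is running without host verification. Suggest reading the PCD once and emitting a DEBUG message at DEBUG_WARN level when it is TRUE, so the weakened configuration is visible during bring-up and in validation logs. The assignment is also made for every service that reaches this path, while the commit message describes only the host-to-BMC connection; if the relaxation is meant for a specific interface, the condition should say so. Separately, the whitespace realignment of the three existing assignments hides the one functional line in the diff; a sentence in the commit message noting that those lines are alignment-only would help reviewers.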